The modern computer network is often an amalgam of disparate computer systems, particularly for business, government and educational organizations. These computer systems are often networked together in what is a virtual nervous system, integrating a diverse array of operational activities.
There may be several points in the normal operation of a computer network where identity needs to be determined. Logging in to a system is one such point. Others include verifying that a person did in fact send an email, acquiring electronic signatures for documents, and approving a security alert. When such an event occurs, the system is invoked to verify the identity of a given target user.
The security and integrity of each individual network has become a significant area of concern. Many diverse security systems exist to protect organizations from malicious attacks on the data, computers and networking that comprise each such network. Some are more successful than others.
Companies have responded to these attacks in several ways. One of the most common is to use a second channel of proof that is independent of the computer channel.
The technique with the broadest deployment is Short Message Service One-Time Passwords (SMS OTP). In this case, a mobile phone is used as an independent channel for authentication, built upon its capability to receive SMS messages. When a user forgets their password, for example, an SMS message containing a temporary password that can be used only once is sent to the user's mobile phone. The user logs in with the one-time password and then changes their password. This method has been broadly deployed because it is fairly cheap to implement: most people have their own mobile phones, so additional hardware is not necessary.
Another technique is to use a hardware token, e.g. a key fob as in the RSA SECURID system, which generates a temporary code that can be authenticated at the server end to grant access.
Another technique in the market is the use of biometrics. Biometrics refers to mathematical representations of human aspects such as facial or voice measurements that can be used to uniquely identify an individual within a given confidence threshold. First, the user's biometrics are enrolled into a system, and subsequently when the user returns claiming an identity, the presented biometrics are compared to the stored values and a determination is made on identity.
Another approach is to use mobile phones, associating a phone's unique characteristics with a user. For example, a phone may have a unique network address, and this address can be associated with a user.